CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
“React2Shell” Storm: China-Nexus Groups Weaponize Critical React Flaw Hours After Disclosure
Only hours after the public disclosure of a critical vulnerability in the React ecosystem, state-sponsored cyber espionage groups have already launched active exploitation campaigns. Amazon threat int ...
-
TheCyberThrone
React2Shell CVE-2025-55182- Shaking React and Next.js Ecosystems
React Server Components promised a revolution in web development—seamless server-side rendering with client interactivity. But a critical flaw dubbed React2Shell has turned that promise into a widespr ...
-
Daily CyberSecurity
High-Severity Splunk Flaw Allows Local Privilege Escalation via Incorrect File Permissions on Windows
Splunk administrators managing Windows environments are being urged to patch immediately following the discovery of two high-severity vulnerabilities affecting both the Enterprise platform and Univers ...
-
Daily CyberSecurity
High-Severity Cacti Flaw (CVE-2025-66399) Risks Remote Code Execution via SNMP Community String Injection
Image: Cacti A high-severity security flaw has been uncovered in Cacti, the popular open-source network graphing solution. The vulnerability, tracked as CVE-2025-66399, exposes Cacti installations to ...
-
Daily CyberSecurity
NVIDIA Triton Server Patches Two High-Severity DoS Flaws, Risking Critical AI Inference Disruption
NVIDIA has issued a security bulletin regarding its Triton Inference Server, a cornerstone tool used by MLOps teams globally to deploy AI models at scale. The company has identified two high-severity ...
-
The Cloudflare Blog
Cloudflare outage on December 5, 2025
2025-12-055 min readOn December 5, 2025, at 08:47 UTC (all times in this blog are UTC), a portion of Cloudflare’s network began experiencing significant failures. The incident was resolved at 09:12 (~ ...
-
BleepingComputer
Hackers are exploiting ArrayOS AG VPN flaw to plant webshells
Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. Array Networks fixed the vulnerability in a May security ...
-
The Cyber Express
Sanctioned Spyware Vendor Used iOS Zero-Day Exploit Chain Against Egyptian Targets
Google Threat Intelligence Group discovered a full iOS zero-day exploit chain deployed in the wild against targets in Egypt, revealing how sanctioned commercial surveillance vendor Intellexa continues ...
-
Kaspersky
CVE-2025-55182 vulnerability in React and Next.js | Kaspersky official blog
On December 3, it became known about the coordinated elimination of the critical vulnerability CVE-2025-55182 (CVSSv3 — 10), which was found in React server components (RSC), as well as in a number of ...
-
CybersecurityNews
CISA Warns of OpenPLC ScadaBR File Upload Vulnerability Exploited in Attacks
Critical vulnerability has been added to CISA’s Known Exploited Vulnerabilities list, warning organizations about a dangerous file-upload flaw in OpenPLC ScadaBR systems. The vulnerability allows remo ...